We treat your data as your property — protected, never sold.
Last updated 2026. This is a plain-language summary for the redesign concept; the binding policies live on zylu.co.
We will not sell your personal data. That's our promise. We never share your information with third parties for their own marketing.
Your data lives on secure, industry-compliant cloud infrastructure, encrypted at rest and in transit.
We run regular security audits and risk assessments with continuous monitoring, and follow a strict incident-response protocol in the rare event of an issue.
Our practices align with SOC 2 Type II and SOC 3, support HIPAA-eligible services, and follow GDPR and CCPA principles.
Access to your data is strictly limited to authorized personnel, protected by multi-factor authentication. You can assign team permission levels and revoke access anytime.
You can request export or deletion of your data at any time; deleted accounts are retained for 15 days before permanent removal.
